hi chris

On Fri, 2011-08-12 at 17:00 -0400, Chris Buechler wrote:
> On Fri, Aug 12, 2011 at 9:54 AM, mayak-cq <[email protected]> wrote:
> > hi again,
> >
> > i am now wondering why it is necessary to have gateway defined in the
> > WAN interface ...
> >
>
> Because that's what determines for NAT purposes whether something is
> treated as a WAN.
>
> > if in the gateway definition, a gateway is flagged as the default, that
> > should be enough, no?
> >
>
> That's where your Internet traffic that doesn't match policy routing goes.
>
> > what appears to be happening is that policy routes as defined in LAN
> > rules are being overwritten by the gateway as defined in the WAN
> > interface.
> >
>
> It does not, policy routing rules override the system routing table.

i just tried booting pfsense as a live cd, entered the minimum basic information, ran tests, and wan interface route overrules my policy route. this is running in a vmware box, but i don't think that should influence policy routing.

i tested a lan rule that blocks a client, and that worked, and when i changed back to "pass", the client uses wan interface default route instead of policy route.

is there a way to query pfsense to show its routing decision?

thanks

m
